source: zzuf/trunk/src/libzzuf/sys.c @ 4112

Last change on this file since 4112 was 4112, checked in by sam, 5 years ago

Reorganise source code to better separate zzuf and libzzuf. Note: the Win32
build is now broken.

  • Property svn:keywords set to Id
File size: 3.0 KB
1/*
2 *  zzuf - general purpose fuzzer
3 *  Copyright (c) 2006,2007 Sam Hocevar <sam@zoy.org>
4 *                All Rights Reserved
5 *
6 *  $Id$
7 *
8 *  This program is free software. It comes without any warranty, to
9 *  the extent permitted by applicable law. You can redistribute it
10 *  and/or modify it under the terms of the Do What The Fuck You Want
11 *  To Public License, Version 2, as published by Sam Hocevar. See
12 *  http://sam.zoy.org/wtfpl/COPYING for more details.
13 */
14
15/*
16 *  sys.c: system-dependent initialisation
17 */
18
19#include "config.h"
20
21#if defined HAVE_STDINT_H
22#   include <stdint.h>
23#elif defined HAVE_INTTYPES_H
24#   include <inttypes.h>
25#endif
26
27#if defined HAVE_WINDOWS_H
28#   include <windows.h>
29#   include <imagehlp.h>
30#   include <tlhelp32.h>
31#   define import_t PIMAGE_IMPORT_DESCRIPTOR
32#   define thunk_t PIMAGE_THUNK_DATA
33#endif
34
35#include <stdio.h>
36
37#include "sys.h"
38
39#if defined HAVE_WINDOWS_H
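static void insert_func(void *, void *, void *);

/* TODO: get rid of this later */
/* Address of the genuine kernel32 LoadLibraryA; set by _zz_sys_init(). */
HINSTANCE (__stdcall *LoadLibraryA_orig)(LPCSTR);

/*
 * Diagnostic stand-in for LoadLibraryA.
 *
 * Prints one message before and one after forwarding the call to the
 * original function through LoadLibraryA_orig, then returns the original
 * result unchanged.
 *
 * A diverted API must be transparent to its callers: code that sees a NULL
 * module handle will normally call GetLastError(), and the second fprintf()
 * may overwrite that value. The thread's last-error code is therefore
 * captured right after the real call and put back before returning.
 */
HINSTANCE __stdcall LoadLibraryA_new(LPCSTR path)
{
    HINSTANCE ret;
    DWORD saved_error;

    fprintf(stderr, "If you see this message, DLL preloading worked\n");
    ret = LoadLibraryA_orig(path);
    saved_error = GetLastError();
    fprintf(stderr, "If you see this message, function diversion worked\n");
    SetLastError(saved_error);
    return ret;
}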
52#endif
53
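/*
 * _zz_sys_init: system-dependent initialisation.
 *
 * With HAVE_WINDOWS_H defined, this resolves kernel32's LoadLibraryA, stores
 * it in LoadLibraryA_orig, and asks insert_func() to redirect that import to
 * LoadLibraryA_new in every module loaded in the current process except the
 * one that contains this function. On other platforms it does nothing.
 *
 * Every lookup is checked. If any of them fails the function returns without
 * touching any import table, rather than patching with a NULL target or
 * comparing modules against an uninitialised MEMORY_BASIC_INFORMATION.
 */
void _zz_sys_init(void)
{
#if defined HAVE_WINDOWS_H
    MEMORY_BASIC_INFORMATION mbi;
    MODULEENTRY32 entry;
    void *list, *kernel32;
    int k;

    kernel32 = GetModuleHandleA("kernel32.dll");
    if(!kernel32)
        return;

    LoadLibraryA_orig = (void *)GetProcAddress(kernel32, "LoadLibraryA");
    if(!LoadLibraryA_orig)
        return; /* Nothing to divert to; leave all imports alone */

    /* The allocation base of our own code identifies our own module */
    if(!VirtualQuery(_zz_sys_init, &mbi, sizeof(mbi)))
        return;

    list = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, GetCurrentProcessId());
    if(list == INVALID_HANDLE_VALUE)
        return; /* No snapshot, and no valid handle to close */

    entry.dwSize = sizeof(entry);
    for(k = Module32First(list, &entry); k; k = Module32Next(list, &entry))
    {
        if(entry.hModule == mbi.AllocationBase)
            continue; /* Don't replace our own functions */

        insert_func(entry.hModule, LoadLibraryA_orig, LoadLibraryA_new);
    }
    CloseHandle(list);
#else
    /* Nothing to do on our platform */
#endif
}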
80
81#if defined HAVE_WINDOWS_H
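/*
 * insert_func: redirect one kernel32.dll import of a loaded module.
 *
 * module  base address of the loaded image whose import table is scanned
 * old     function address to look for in the import address table
 * new     address written in place of the first matching slot
 *
 * Walks the import descriptors of `module`, and for each descriptor naming
 * kernel32.dll (case-insensitive) scans its thunk array for a slot equal to
 * `old`. The first match is overwritten with `new` and the function returns.
 * Modules with no import directory, or no matching slot, are left untouched.
 *
 * The slot's page is made writable only for the duration of the write and
 * its previous protection is restored afterwards, so the import table is
 * not left writable and executable for the rest of the process lifetime.
 */
static void insert_func(void *module, void *old, void *new)
{
    unsigned long dummy;
    import_t import;
    thunk_t thunk;
    int j, i;

    import = (import_t)
        ImageDirectoryEntryToData(module, TRUE,
                                  IMAGE_DIRECTORY_ENTRY_IMPORT, &dummy);
    if(!import)
        return;

    for(j = 0; import[j].Name; j++)
    {
        char *name = (char *)module + import[j].Name;
        if(lstrcmpiA(name, "kernel32.dll") != 0)
            continue;

        /* Use the thunk table of the descriptor that matched, not the
         * table of the first descriptor in the directory. */
        thunk = (thunk_t)((char *)module + import[j].FirstThunk);
        for(i = 0; thunk[i].u1.Function; i++)
        {
            void **func = (void **)&thunk[i].u1.Function;
            unsigned long old_protect;

            if(*func != old)
                continue;

            /* Without write access the slot cannot be patched */
            if(!VirtualProtect(func, sizeof(*func), PAGE_EXECUTE_READWRITE,
                               &old_protect))
                return;

            WriteProcessMemory(GetCurrentProcess(), func, &new,
                               sizeof(new), NULL);

            /* Put the original page protection back */
            VirtualProtect(func, sizeof(*func), old_protect, &dummy);
            return;
        }
    }
}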
115#endif
116